Set Up A Local VPN’ed SOCKS Proxy
There may be a time when you only want a specific program (or set of programs) to run through a VPN rather than your whole connection. I recently set up a local Ubuntu 12.04.4 server that allows me to do this, and I’m going to show you how I did it. For this guide I’m going to assume you already have Ubuntu Server installed.
Required Tools
- A machine running Ubuntu Server. I’ll be using a virtualized machine running 12.04.4
- Bitvise Tunnelier (free for personal use)
- A VPN Provider. I will be using Private Internet Access. Note that we will be using OpenVPN in this guide, so make sure to choose a VPN provider that provides OpenVPN configuration files or that you know how to create them. Private Internet Access provides a downloadable zip file with all their configuration files.
Set a Static IP
Our server will need a static IP address so that it doesn’t change on us. To do this, we’ll need to edit `/etc/network/interfaces`. I’ll be using the IP address `192.168.1.20`. Let’s fire up the nano editor and edit this file by typing:
```
sudo nano /etc/network/interfaces
```
Here’s what my configuration looks like to use the IP `192.168.1.20`:
```
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
auto eth0
iface eth0 inet static
    address 192.168.1.20
    netmask 255.255.255.0
    gateway 192.168.1.1
    dns-nameservers 8.8.8.8 8.8.4.4
```
When you’ve updated the `interfaces` file, reboot your server by typing `sudo reboot now`. You should now be able to connect to the machine using the static IP address.
Install OpenVPN
Next we’ll need to install OpenVPN. We can do this by typing:
```
sudo apt-get install openvpn
```
Upload OpenVPN Configuration Files
After we’ve installed OpenVPN, it’s time to grab the configuration files from our VPN provider. For Private Internet Access, they can be obtained from here. I downloaded the OPENVPN CONFIGURATION FILES (IP). Once you have all your configuration files, upload them to the server. I’ll be uploading them to `/home/vpn`. If the configuration file you want to use has any spaces in its name, you can remove them to make it easier later. I’ll be using the `US Seattle.ovpn` configuration file from Private Internet Access but renaming it to `USSeattle.ovpn`.
Create the Startup Script
Next we’ll create the startup script. We want our server to automatically connect to the VPN upon startup so we don’t need to manually connect each time. Let’s fire up our editor and create the startup script by typing:
```
sudo nano /etc/init.d/vpn_startup.sh
```
Once we’re in the editor, enter the following:
```
#!/bin/bash
openvpn --config /home/vpn/USSeattle.ovpn --auth-user-pass /home/vpn/credentials --daemon
```
This will start OpenVPN using the configuration file `/home/vpn/USSeattle.ovpn` and using `/home/vpn/credentials` as our credentials file. This file doesn’t exist yet, but we’ll create it soon. After you’ve saved `vpn_startup.sh`, run the following commands:
```
sudo update-rc.d vpn_startup.sh defaults
sudo chmod +x /etc/init.d/vpn_startup.sh
```
Create the Credentials File
The credentials file is a plain text file that will store our username and password. Let’s create this file using the nano editor:
```
nano /home/vpn/credentials
```
In this file, enter your username and password for connecting to the VPN on separate lines:
```
username
password
```
At this point if we were to reboot our server, it would connect to the VPN on startup. If we reboot however, we’ll lose the ability to SSH into the server which we need for the SOCKS proxy. To remedy this, we’ll need to modify the OpenVPN configuration file to run a custom script that will add some routing rules so we can still SSH into our server.
Modify the OpenVPN Configuration File
We need to edit our OpenVPN configuration file so we can add a couple of lines to it. Let’s fire up nano once again:
```
nano /home/vpn/USSeattle.ovpn
```
At the bottom of this file, add the lines:
```
script-security 2
up /home/vpn/script.sh
```
This will allow us to run a custom script once the VPN connection is made. This script isn’t created yet, but we’ll create it in the next step.
Also, in this file you’ll see a line that starts with `ca`, such as `ca ca.crt`. We need to update this line with the absolute path to the certificate file. So, change this line to:
```
ca /home/vpn/ca.crt
```
Here is what the final configuration will look like:
```
client
dev tun
proto udp
remote 173.192.176.159 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca /home/vpn/ca.crt
tls-client
remote-cert-tls server
auth-user-pass
comp-lzo
verb 1
reneg-sec 0

script-security 2
up /home/vpn/script.sh
```
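OpenVPN is started as root by the init script, `script-security 2` lets it execute the `up` script, and the credentials file holds the VPN login in clear text, so the permissions on everything in `/home/vpn` matter. The following check is an added example, not part of the original guide; the function name is made up here and `stat -c` assumes GNU coreutils, as on Ubuntu.

```shell
#!/bin/bash
# Added example: audit permissions on the files this guide places in /home/vpn.
# File names are the ones used in the guide; the directory is an argument so
# the check can also be tried on a scratch copy.

# Prints one finding per line; returns 1 if anything was found.
audit_vpn_files() {
    local dir="${1:-/home/vpn}" findings=0 mode f

    # The credentials file stores the VPN username and password in clear
    # text: nobody but the owner should have any access to it.
    f="$dir/credentials"
    if [ -e "$f" ]; then
        mode=$(stat -c '%a' "$f")
        if [ $(( 0$mode & 077 )) -ne 0 ]; then
            echo "credentials: mode $mode is open to group/other (want 600)"
            findings=$((findings + 1))
        fi
    fi

    # The "up" script is executed by OpenVPN running as root, and the .ovpn
    # file names which script that is. Neither may be writable by group/other.
    for f in "$dir"/script.sh "$dir"/*.ovpn; do
        [ -e "$f" ] || continue          # skip files that do not exist yet
        mode=$(stat -c '%a' "$f")
        if [ $(( 0$mode & 022 )) -ne 0 ]; then
            echo "${f##*/}: mode $mode is writable by group/other"
            findings=$((findings + 1))
        fi
    done

    [ "$findings" -eq 0 ]
}
```

Run `audit_vpn_files /home/vpn` once `script.sh` exists; `chmod 600 /home/vpn/credentials` clears a finding on the credentials file.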
Create the Connection Script
Next we’ll create the script that will run once a VPN connection is made successfully. Let’s fire up nano again:
```
nano /home/vpn/script.sh
```
Add the following lines:
```
#!/bin/bash
# Route to the local subnet, placed in routing table 10
ip route add table 10 to 192.168.1.0/24 dev eth0
# Default route via the LAN gateway, placed in routing table 10
ip route add table 10 default via 192.168.1.1
```
I’ll be honest, I’m not entirely sure how these rules work, but they allow us to connect to the server via SSH when connected to the VPN. I assume that the `table 10` part of it references the VPN IP address. When I’m successfully connected to the VPN, the tunnel adapter is assigned an IP address of 10.x.x.x. Once you’ve saved this file, we need to add execute permissions to it:
```
chmod +x /home/vpn/script.sh
```
You can now reboot your server using `sudo reboot now`. Upon restart, your server should automatically connect to the VPN, and you should still be able to SSH to it.
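In iproute2, `table 10` names routing table number 10, and the kernel consults a numbered table only for traffic that an `ip rule` directs to it. The following added example (not part of the original guide) reports whether a table that holds routes is actually selected by a rule; the function names and the sample outputs are constructed for illustration.

```shell
#!/bin/bash
# Added example (not from the guide): is routing table N selected by any rule?

# Constructed samples of `ip rule show` output.
SAMPLE_DEFAULT_RULES='0: from all lookup local
32766: from all lookup main
32767: from all lookup default'
SAMPLE_WITH_RULE='0: from all lookup local
32765: from 192.168.1.20 lookup 10
32766: from all lookup main
32767: from all lookup default'
# Constructed sample of `ip route show table 10` after the up script has run.
SAMPLE_TABLE10_ROUTES='default via 192.168.1.1 dev eth0
192.168.1.0/24 dev eth0 scope link'

# rules_for_table TABLE   (reads `ip rule show` output on stdin)
# Prints the selector of every rule that looks up TABLE; returns 1 if none.
rules_for_table() {
    awk -v t="$1" '
        {
            for (i = 1; i < NF; i++)
                if ($i == "lookup" && $(i + 1) == t) {
                    sel = $0
                    sub(/^[0-9]+:[ \t]*/, "", sel)         # drop the priority
                    sub(/[ \t]*lookup[ \t].*$/, "", sel)   # drop the action
                    print sel
                    found = 1
                }
        }
        END { exit(found ? 0 : 1) }'
}

# table_status TABLE RULES ROUTES
# Prints "empty", "unreferenced" or "active for: <selector>".
table_status() {
    local table="$1" rules="$2" routes="$3" sel
    if [ -z "$routes" ]; then
        echo "empty"
    elif sel=$(printf '%s\n' "$rules" | rules_for_table "$table"); then
        echo "active for: $sel"
    else
        echo "unreferenced"
    fi
}

# On the server:
#   table_status 10 "$(ip rule show)" "$(ip route show table 10)"
```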
Create the SOCKS Proxy
Next we’ll need to fire up Bitvise Tunnelier that you downloaded at the start of this guide. Enter the following settings on the Login tab:
Finally, enter the following on the Services tab:
The port number is up to you. Just remember it for later when we go to set our application up to use the proxy. Finally, click the Login button.
Use the Proxy!
Now you’ll have to set up the connection settings in the application you want to use the proxy for. I’ll use Firefox as an example. Open up Firefox and go to the settings:
Next, click the Advanced tab followed by the Settings… button under Connection:
Enter the following settings (use the port you used from earlier):
Click OK to everything and Firefox should now be using your SOCKS proxy and VPN connection! If you’d like to only VPN certain websites, I’d recommend the FoxyProxy extension for Firefox or Chrome. To verify that it’s using the VPN’ed connection, you can go to whatismyip.com and look at the IP address.